From nobody Sat Feb 13 17:53:50 2021
Return-Path: <prvs=16797bde60=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id B6D4E3A12A7
 for <cfrg@ietfa.amsl.com>; Sat, 13 Feb 2021 17:53:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.005
X-Spam-Level: 
X-Spam-Status: No, score=0.005 tagged_above=-999 required=5
 tests=[MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001,
 UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001]
 autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RDKzNw-86g76 for <cfrg@ietfa.amsl.com>;
 Sat, 13 Feb 2021 17:53:45 -0800 (PST)
Received: from llmx3.ll.mit.edu (LLMX3.LL.MIT.EDU [129.55.12.49])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 571293A12A5
 for <cfrg@irtf.org>; Sat, 13 Feb 2021 17:53:44 -0800 (PST)
Received: from LLE2K16-MBX02.mitll.ad.local (LLE2K16-MBX02.mitll.ad.local) by
 llmx3.ll.mit.edu (unknown) with ESMTPS id 11E1re83022232;
 Sat, 13 Feb 2021 20:53:40 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none;
 b=Sse3RLyhSuQY6zR/qzjFcVQq6yMDKgfSJgBq5Rj5GQZ6+Z2BhvJ39CIAC8zXcbhdhw59so9ZK1ADa3r/Ei/4lSS3PkZDsKsdOH7PUlhIr7pZIKdmK99NRulpDCkbpKUhKuUIrIzs5ZXpSb44cVNab2z950bRiGax145wuRHujuNp0f5Pn/VhC5S4ASVeUk4tbrJx5ULOl8zrjDP0/jx8EMVUCeqW5tZ/V7e97b4ks1HybzFhjiZ5fTBRHLmQSlLLvj4vI6zJB18Nmte49n9Xd6oj0mVtTLBogk8beLQYD65IS0LUHJLpv6O4n5b0WohepFddoWI5rjDjKM6n7TszMw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector5401;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=TrVexq1bRmK8EWLnK1kI38LzyptYMlcXOxCE7Z/l3y0=;
 b=HmufGWgptD8t9POaMgCaNURBGBQPebPmY+pHMq/R8HP7t2JR+exixGbHpFKwPp3b/F+tNwn8P0K8XPfF6dJ7XqrtmSjjIYvOdHreLHz4i6Q/+veOnh32vP/r3kVbxosCUjI6Agb72Kyq0bbhC5tz5sdg+IVTSKDiwEW64C4Er8p4Ql8aC66ZwvtmZfN+D2d4u8lFuvfTBq0mdZQGNPQhGXTYpXWbyQkxXWFzCvlynUMKob718FOwMond+F8iBa+rlSs970LuOCQnCY/cULAolYP2HqpRGzo7gGlrV55oyl95R6XJg0ogR7HZQm+95XRzVaf9NFe/EZbTLj9+b37mIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu;
 dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Dan Harkins <dharkins@lounge.org>, Karthikeyan Bhargavan
 <karthik.bhargavan@gmail.com>
CC: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: [CFRG] Fixing the multi-shot API of HPKE
Thread-Index: AQHXAZcMrnaBhuTgpUC9Z0BiBgaMoKpV7okAgAAVyoCAAI0RgA==
Date: Sun, 14 Feb 2021 01:53:37 +0000
Message-ID: <0E497EBB-0D08-45D7-B75F-691EAEBB1925@ll.mit.edu>
References: <c089c88b-c5f6-f228-31a3-fb4e97a436c8@lounge.org>
 <4FCD508B-0ECB-4F7B-B252-B92CDFBC5B8B@gmail.com>
 <1ded9ec0-4da1-981d-fedc-709ca301c166@lounge.org>
In-Reply-To: <1ded9ec0-4da1-981d-fedc-709ca301c166@lounge.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
user-agent: Microsoft-MacOutlook/16.44.20121301
authentication-results: lounge.org; dkim=none (message not signed)
 header.d=none;lounge.org; dmarc=none action=none header.from=ll.mit.edu;
x-originating-ip: [129.55.200.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: daf4b6ea-7480-4f37-f1ca-08d8d08b587c
x-ms-traffictypediagnostic: DM3P110MB0556:
x-microsoft-antispam-prvs: <DM3P110MB0556B4EBE2AD9444824DD3EB90899@DM3P110MB0556.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2UGSDs2wbeHvNo+ti7KfUgcp6odCBx3+AtZoFdtuoYmT0s3BtvBa9lSsrGmMwolUnd6A9GO4ogsfZTQv0fx1tCE+tCS8n5yn2y32yZkKVRTI6PXAKj4Jw6D1DzbmT0bkpmyX6j1VRf3TkP+fJ2pVp9G8bZ8s1+zdBV0/4mcPnUl5E5KfiIjv4CKzU4lMMw/jpkQOFRNZxhv+lHge8X+acP3BQgN0EBzbCFb82DIIqOK1UfaXDdMOFSAXm0Ux4ZhUzjlVubGHzekBPz8+CvZIkUXB+avH7ihIWDw1TLZZnXWd8XO+QlOKZr2iqoZzl/++lnT/R3WGicBSsxIVVjTcdGHshyNl50woIssh3RnElLvP5hJAMl78ecLxCiNyU4/htijCWhOsFgwLceN7bZQ92jo0NTwSHfJohZLm4qVEPFi54l7+u9i5JoZfAvwgVU4rcmtlaRRg1UpdtStAQBZJX3HIBMs0W5fiJ10xYZ0IQC941FC8SAtcnA38wVd2XMSlDapzfxVDin42xlWu/v9WODtAQ3NcXtXmt8haV2pUqIx+zJYav1w4IMKYf1zOJMcYgwo4beAnMBeG4Ddwgxu72Cm/P0NP6WFPbvd4x72qmmd6ZOR05fJu1FvIx1kwvZTm65+I5OkbkNNhO9zMzhdEoG9tjWxPOBdE742jngYdz4U=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; 
 IPV:NLI; SFV:NSPM;
 H:DM3P110MB0234.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; 
 SFS:(4636009)(366004)(110136005)(33656002)(26005)(66556008)(99936003)(75432002)(186003)(8676002)(8936002)(64756008)(2906002)(5660300002)(66446008)(966005)(83380400001)(53546011)(4326008)(6506007)(6512007)(71200400001)(498600001)(66616009)(66476007)(76116006)(6486002)(66946007)(86362001)(2616005)(956004)(45980500001);
 DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata: LuuK4xAaTgPwI7Sb++zWdnf/A12mYiGtIscZLPAlQlWCncZUj/OMlECpIt+HTzTwydG7wOge6oVze20SxP3FTRyNO/zB6rlWOmq2vHGnQCrkMyu9Pt/tY/v9WqnIxCU4nfMJSjWRtabedfT34oS2BnWLRkIU44Z5UG3ew24E2A2KCyb8/b8gVEfcfstICBw/LAZizXZXeAhfYzrvWMOO+dB0/kSS9fcKNTstnRC+mUalhobZAJq/Wsjzd67e5MN8iW9/T2du1Q8nshsi3MBi69Zn00kvIJ+9E5vFJTiGT6nwlqpk8X9c90Y3EGRadF1QngYr4dGODVzwSWaGbzQWQI9DSwCYsA/AqET5cO81j2i+0nkIZbCqlTHcWEiLDKDSzpltKqE8chmST6LMsqVeo5g3rH8s8v3DJQOfZbP+RD58o4pQVlxlopx7jXcVCk3ryg2Jdnz76Lj29MGHlSaWfm4lsFL+D+1ds/BGXEUHN2YifroPzJbZl4Abmjur1tQjgvGgAq6RUas3bFjl8M6CVHwEPNh5MKltmkVCOQprDi4/EGigL93iKQW3YouNS9516DCjSc5ZdvssIL1dLQ8VFmfbye6h4n4NRys52VkUDhrqWPouZnkosDWl+qf3Fjx6AQeZDwkZKhcJKsV6mPnq/1YyEt5LTOI6rkhwq1rWtNiiyJ0YYazfSERcgCQB/MJWXivBr+IIhUL2Xl1s2elNOQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha256; boundary="B_3696094412_2008526837"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM3P110MB0234.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: daf4b6ea-7480-4f37-f1ca-08d8d08b587c
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2021 01:53:37.5120 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: AMbE15fX+8iEPbdOwAfi2W1uUogbxfk3tE3n18ocrTedRTcV1PgTyhBGTryppeFH
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3P110MB0556
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.737
 definitions=2021-02-13_02:2021-02-12,
 2021-02-13 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0
 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-2009150000 definitions=main-2102140010
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/C7iDcQeKkuFgAVJPGcCmF9RmBSU>
Subject: Re: [CFRG] Fixing the multi-shot API of HPKE
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>,
 <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>,
 <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Feb 2021 01:53:48 -0000

--B_3696094412_2008526837
Content-type: text/plain;
	charset="UTF-8"
Content-transfer-encoding: quoted-printable

Strictly speaking, AES-GCM-SIV does *not* need a nonce, given that the boun=
ds (how many messages of what size are secured with the same key) are observ=
ed.

I found that a very useful property. Not everybody needs that, and not alwa=
ys - but it's like "you don't need it, until you *really* need it".
--
Regards,
Uri
=20
There are two ways to design a system. One is to make is so simple there ar=
e obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                           =
                                                          -  C. A. R. Hoare
=20

=EF=BB=BFOn 2/13/21, 07:29, "CFRG on behalf of Dan Harkins" <cfrg-bounces@irtf.or=
g on behalf of dharkins@lounge.org> wrote:


       Hi Karthik,

    On 2/13/21 3:10 AM, Karthikeyan Bhargavan wrote:
    > Hi Dan,
    >
    > I don=E2=80=99t fully understand the problem you are alluding to.
    >
    >>     "It is up to the application to ensure that encryptions and
    >>      decryptions are done in the proper sequence, so that encryption
    >>      and decryption nonces align.=E2=80=9D
    > The HPKE stateful API guarantees that nonces cannot be misused, even =
if you use AES-GCM or Chacha-Poly. (Of course, you could also add a SIV ciph=
ersuite.)
    > Furthermore, it guarantees that the stream of plaintext messages rece=
ived by the decryptor is a prefix of the stream of plaintext messages sent b=
y the encryptor.

       It's not an issue of misuse, it's an issue of the sender and
    receiver contexts getting out of sync through entirely normal
    network behavior and becoming unusable.

    > In the current design, if two ciphertexts are decrypted out-of-order,=
 both decryptions will fail.
    > So the problem alluded to in the text above is one of functionality; =
the application has to ensure (using some meta-data) that it is calling decr=
ypt in the right order.
    > The application usually has to do something like this anyway to put t=
he plaintext stream together.
    >
    > I do not see how using AES-GCM-SIV is going to solve the above issue;=
 yes, it would allow you to decrypt the plaintext in any order, but  the HPK=
E receiver would not be able to authenticate the correct order.
    > Am I missing something?

       AES-GCM-SIV requires a nonce (although reuse is not tragic in the
    way it is for GCM) so there still needs to be some guarantee that the
    nonce plugged into the receiver is the same as the one plugged into
    the sender when the ciphertext was created. This is a proposal for
    AES-SIV (defined by Rogaway and Shrimpton) which can do deterministic
    AEAD (it can also be passed a nonce to be more like a traditional AEAD
    mode, albeit slower, but that's not what I'm proposing here). No nonce
    so nothing to worry about getting out of order.

       Regarding the correct order, for a streaming application yes that's
    true. The correct order would still be needed and whatever technique
    you use to ensure that decrypted packets get ordered correctly could
    probably be used to ensure that packets are decrypted in order. But
    there are other interesting applications of HPKE that are not streaming
    and each message can be thought of as self-contained. Imagine a sensor
    obtaining some environmental data and then sending it off to a server
    for correlation and processing every <time slice>. It would be quite
    easy for such a sensor and server to get their HPKE contexts out of
    sync and that would be a real PITA.

       regards,

       Dan.

    > -Karthik
    >
    >
    >
    >> On 13 Feb 2021, at 00:29, Dan Harkins <dharkins@lounge.org> wrote:
    >>
    >>
    >>    Hello again,
    >>
    >>    The HPKE spec defines a single shot API for doing things like key=
-wrapping.
    >> You pass in the recipient's public key and some plaintext and get ba=
ck a
    >> ciphertext. And that's it. One and done.
    >>
    >>    There is also (what I'll call for lack of a better word) a multi-=
shot API.
    >> The idea here is that there's a single asymmetric crypto operation i=
nvolving
    >> the recipient's pubic key to derive some state that resides in an op=
aque HPKE
    >> context and then multiple calls to encrypt distinct plaintexts. The =
state
    >> created includes a base nonce and a sequence number (initialized to =
zero).
    >> Each call to another encryption (decryption) increments the sequence=
 number
    >> which is xor'd with the base nonce and passed to the AEAD algorithm.=
 The HPKE
    >> APIs take a plaintext, and AAD, and produce a ciphertext, and vice v=
ersa.
    >>
    >>    This multi-shot API is fine if your world is Guaranteed In Order =
Delivery
    >> of Packets but that's not the world we all live in. As such, it'll o=
nly
    >> be a matter of time before the sender and receiver are out of sync. =
The
    >> HPKE draft alludes to this problem this way:
    >>
    >>
    >>
    >> Well that's a pain! One of the nice things about HPKE is that one do=
esn't
    >> need to worry about the nitty gritty of crypto state management anym=
ore,
    >> it's all hidden. The API is nice and clean-- pass in a plaintext and=
 get a
    >> ciphertext, pass in a ciphertext and get a plaintext.
    >>
    >>    If there was an AEAD mode that did not require a nonce it could b=
e used
    >> in HPKE's multi-shot API without need for the application to manage =
state
    >> and guarantee the parties stay in sync. Thankfully there is such an =
AEAD
    >> mode: AES-SIV (RFC 5297).
    >>
    >>    When I brought this up earlier (and also on github) in the contex=
t of
    >> misuse resistance the response was, there's an export-only API that =
will
    >> give you a secret and you can go do any AEAD mode you feel like, inc=
luding
    >> AES-SIV, issue closed.
    >>
    >>    While that is technically true, it applies equally to the AEAD fu=
nctions
    >> that HPKE already defines-- you can export a secret and do AES-GCM-2=
56
    >> outside of HPKE while managing the necessary state yourself. Yet HPK=
E
    >> defines AEAD functions whose state resides in an opaque context so t=
here
    >> is obviously value in having that functionality. I just want to get =
that
    >> value-- a clean, multi-shot API where I don't need to worry about ma=
naging
    >> state or guaranteeing people remain in sync-- for people who don't l=
ive
    >> in the world of Guaranteed In Order Delivery of Packets.
    >>
    >>    So I'd like to ask the group whether they see value in having a n=
once-less
    >> AEAD mode in HPKE. If so I'll be happy to resurrect the text changes=
 I
    >> proposed and will be happy to contribute test vectors from my HPKE
    >> implementation which already does AES-SIV.
    >>
    >>    One issue is that there are different security properties for a
    >> deterministic authenticated encryption scheme than for a probabilist=
ic
    >> scheme. This is discussed in [1] and the security considerations wou=
ld
    >> have to mention this. But I don't see that as a formidable problem.
    >>
    >>    regards,
    >>
    >>    Dan.
    >>
    >> [1] Rogaway and Shrimpton, "Deterministic Authenticated Encryption",
    >>      EUROCRYPT, 2006
    >>
    >> --=20
    >> "The object of life is not to be on the side of the majority, but to
    >> escape finding oneself in the ranks of the insane." -- Marcus Aureli=
us
    >>
    >> _______________________________________________
    >> CFRG mailing list
    >> CFRG@irtf.org
    >> https://www.irtf.org/mailman/listinfo/cfrg

    --=20
    "The object of life is not to be on the side of the majority, but to
    escape finding oneself in the ranks of the insane." -- Marcus Aurelius

    _______________________________________________
    CFRG mailing list
    CFRG@irtf.org
    https://www.irtf.org/mailman/listinfo/cfrg

--B_3696094412_2008526837
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIUfQYJKoZIhvcNAQcCoIIUbjCCFGoCAQExDzANBglghkgBZQMEAgEFADALBgkqhkiG9w0B
BwGgghJDMIIE8zCCA9ugAwIBAgITWQAE/KGDHCQY5NLn7AAAAAT8oTANBgkqhkiG9w0BAQsF
ADBRMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoG
A1UECwwDUEtJMRMwEQYDVQQDDApNSVRMTCBDQS01MB4XDTIwMTIxMTAwMDQ0OVoXDTI1MTIx
MDAwMDQ0OVowYTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRv
cnkxDzANBgNVBAsTBlBlb3BsZTEgMB4GA1UEAxMXQmx1bWVudGhhbC5VcmkuNTAwMTA1ODQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKE/w5SMRbjqdnzi3xm35MTfqSl/hP
NjMbDakZIdbjOM3UKEmPFXc6a6VU/QqOJUi6ndjw0tH7RCVP73bdRPXO/E8WiAaaSYG6Ddqr
02Pv6wThtFuh+ll9IbDRWZCrXdglHg5CdvqpmlsX5UY54/Gb5r+Je3CwHewClS9/KqklAu/M
Rj7Cc7g+PM9GcvU63WDVgXiuAplgvA+W5Hvmcnseb97nBuBnZ1kgbFScRNLR8y5QxSrSpXxW
YRiH8dlr/LfBSYsgClZ57NhMk6Z4YL3y1Pw6Vq8pXtM7hlSq8/6s/jhxwf6vUDDeBAkoEWxl
hqJtjdD+qrucwiRcrt9SNOufAgMBAAGjggGyMIIBrjAdBgNVHQ4EFgQURapIqD1qtfvgIhzU
5deTdhe9DyMwDgYDVR0PAQH/BAQDAgbAMB8GA1UdIwQYMBaAFC/vu8YNHbvpav6sZ/MHOwh2
9ktZMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXRjcmwvbGxj
YTUwZgYIKwYBBQUHAQEEWjBYMC0GCCsGAQUFBzAChiFodHRwOi8vY3JsLmxsLm1pdC5lZHUv
Z2V0dG8vbGxjYTUwJwYIKwYBBQUHMAGGG2h0dHA6Ly9vY3NwLmxsLm1pdC5lZHUvb2NzcDA9
BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2Fy94yh/+K
cwIBZAIBCjAiBgNVHSUBAf8EGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDAZBgNVHREEEjAQ
gQ51cmlAbGwubWl0LmVkdTAYBgNVHSAEETAPMA0GCyqGSIb3EgIBAwEIMCcGCSsGAQQBgjcU
AgQaHhgATABMAFUAcwBlAHIAUwBpAGcALQBTAFcwDQYJKoZIhvcNAQELBQADggEBABAw2S9N
p+Aii+rVwD0uTZSRjpL7QD9sWkH1WB1Yd/88m+R6xZtKiD1PJLKXzcumU1V9FAPYZufhCcPV
KRgyGbizPBn+f3t13bDieGHLd0DWM4abQiEgiFDsUDzTJ78WwHt/PFMjFe/oFSgghgKcOiBO
QdxA7oWgV0cvJmc0hNxV6aPACboXW4qAXKMaMXPrhAXJTkL81uoemEf54gdROFIdVLYOUdba
mGmstwRcTn1RsJhIcu2EDSNpyfwfK1NUNQAe199BaNenGrKW9yTHwEY55c9xusIEEaW+FLAi
jseXn2gIvlQ0W2P2NMm7YCir0F6PI3DDH8+XmfcrbSfNt9swggTAMIIDqKADAgECAgEGMA0G
CSqGSIb3DQEBCwUAMFYxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJv
cmF0b3J5MQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD01JVExMIFJvb3QgQ0EtMjAeFw0xNzAz
MDIxMjAwMDBaFw0yNjAzMDIyMzU5NTlaMFExCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZNSVQg
TGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLDANQS0kxEzARBgNVBAMMCk1JVExMIENBLTUw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnmoMOvTkfw7nq19mrWazGaa+Q83Uv
0+ATXT3q6kr+WExIMIZ87C74WCcRXpvO7uvx7HvMsYWAFHW93wQwhjytxHIOZgKNJ4VnGVDU
l+KI7g0n9+Zjt3hB3HhHbcvbe9+Y4jz+XzCiLl2OaYvICKbxvbBSCLtPEeZQ6x6Tb6EK0ym0
gvYeHO3kuuY+SJHJMltbrLnIVLxjZrNVS77zXKvu6Q3hSdkRIB7kJgEXfL+p/z/2p94bEEZ2
TnQz0TkOjG+Jq7UlXlFRtvsYcDPEQD3UNkZsWcXgC1hXG8TGknUcAhlGxVhlKlFLmNd7342s
eGy2s9YxNDnSE+eXTtb0I5LLAgMBAAGjggGcMIIBmDASBgNVHRMBAf8ECDAGAQH/AgEAMB0G
A1UdDgQWBBQv77vGDR276Wr+rGfzBzsIdvZLWTAfBgNVHSMEGDAWgBT/ycllTFOA8akMPCGu
girH7vgy+zAOBgNVHQ8BAf8EBAMCAYYwZwYIKwYBBQUHAQEEWzBZMC4GCCsGAQUFBzAChiJo
dHRwOi8vY3JsLmxsLm1pdC5lZHUvZ2V0dG8vTExSQ0EyMCcGCCsGAQUFBzABhhtodHRwOi8v
b2NzcC5sbC5taXQuZWR1L29jc3AwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5sbC5t
aXQuZWR1L2dldGNybC9MTFJDQTIwgZIGA1UdIASBijCBhzANBgsqhkiG9xICAQMBBjANBgsq
hkiG9xICAQMBCDANBgsqhkiG9xICAQMBBzANBgsqhkiG9xICAQMBCTANBgsqhkiG9xICAQMB
CjANBgsqhkiG9xICAQMBCzANBgsqhkiG9xICAQMBDjANBgsqhkiG9xICAQMBDzANBgsqhkiG
9xICAQMBEDANBgkqhkiG9w0BAQsFAAOCAQEAMJYRwLPJ91K7e2mA2Nj10W0o5JMHYkaa+ctL
8/xY8QzIHFI5Ij+iydpPN9KCYn/4Sy80T3aNoYkFlS0GRQXhf0nsiY7TWJwAKw4AiO/yJ37/
oRKRgtyRicvaJ6RjlHCXBOalFLw9UtpodP4/idC51lxzsolaQZraBjVe7PL95PhS7D+22Nff
InzLdIb1DBf54NwOVfPIgABtxH1fhZrja7EhR9RoUw5E1O6iWaAuP/xWhSTQFWlhyA0/kkIi
9/HXaY0hYnhcjcbPPqjpyfIhSFjjXhjqK7t2wPrSrBFLFUbnLiNlgQHrvNYF5IqgIfnSBWIr
m3rfLhpZZJ/xJ7Yf6DCCA4owggJyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UE
BhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTEY
MBYGA1UEAxMPTUlUTEwgUm9vdCBDQS0yMB4XDTE2MDQyMDEyMDAwMFoXDTM1MDQxOTIzNTk1
OVowVjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAK
BgNVBAsTA1BLSTEYMBYGA1UEAxMPTUlUTEwgUm9vdCBDQS0yMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAv3WoBEGOOJtm4ucvaf6vKIFPs8watCd6Smwq/XeRNo7P3jPIxNPw
F398RGDUmPJIXA7idzD6j0opFIW+kLqYye9e788PV0dqaJlX8818fNDbSE+8B6hieqKTR7Vf
OI74UVQEUKVRFuRFw6uVYuvgew2Tj/C2dEee37eruQl5nHkbV2OsWnZ7O+yt+etd6HRcaXLl
P9q8WKgA3B7vkOVIMCKoAuaWj+BFq7K+WNkiyi/KdOH9JmOpbyRK4jcA7xbLnF8JFUSNg5c4
Y1BJrFaZtkCeG6Nm9p524GllkRFzPgpj8VicV+AK+9rY07dTx02kYotTnKuy0YxBAwsUXxAQ
EwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBT/ycllTFOA8akMPCGugirH
7vgy+zAfBgNVHSMEGDAWgBT/ycllTFOA8akMPCGugirH7vgy+zAOBgNVHQ8BAf8EBAMCAYYw
DQYJKoZIhvcNAQELBQADggEBAHqYfEf/3J5aMKhlYQ0PnUAbMB8jZSr9/HvjfOF00crFUCfS
rqG8JQwo+S/iq66gcp62FEgJ0fQkDgVg6m+C2ETo1LoWiSxhYCfcSIQECljlXwR8wFSayF82
2S69IqvHhdq4d58jU6gYi6ssjU4vwsvsVLRJKk/m/Cg/w8gW6YHM5ahBD6/5Ccel2fI7oSms
kO991+otrC11YfDwCFvz7Am0r+K9iVhSWta4hmIuV0YBia07eZKSO02LPgQ8YOz3ku0Yt+mh
8VWRKux2CcYjMpk+WDV0BMp75tqb6pqBFkcKvEBXqxg+8+G/umjii4H0c5kvJhaQyykbmOKm
xO9IcJIwggT2MIID3qADAgECAhNZAAA7OX5fo0OiIK0RAAAAADs5MA0GCSqGSIb3DQEBCwUA
MFExCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYD
VQQLDANQS0kxEzARBgNVBAMMCk1JVExMIENBLTUwHhcNMTgwODI4MjE0NTI5WhcNMjEwODI3
MjE0NTI5WjBhMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9y
eTEPMA0GA1UECxMGUGVvcGxlMSAwHgYDVQQDExdCbHVtZW50aGFsLlVyaS41MDAxMDU4NDCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI5Vc19RKc/69lmwhogDOjjzPQbmc8s6
Z6rzP6oUHAswDICqZWwPt+FTbKr0YTAqRNsTEN4YiW0fORK+fNRvClo0pdiCqj3DwDQZLRI4
Dak1yTsUtVe35oomQbXtO+0A0L/CowYri/UKeRG1i1/0cXSf4mAx0ed9wh2SordAb8o2FuOU
0B2ppnqjro1VFugHHX6QOggaeLFOprT5gnTZUmqM37/d4DGB9XDdTQi144zQSwSWKkaUThsy
D9CHSRNcB79HBvlZGSM+BkIbayPdhQAuz4yKsOZEWPx/6LnMotzBevSswnCDf+u9ajCgMnje
WbrZRN+xoYEuhycXyK2b8/MCAwEAAaOCAbUwggGxMB0GA1UdDgQWBBTZUpq7Rsccv42yU9UQ
4wvojOl4pzAOBgNVHQ8BAf8EBAMCBSAwHwYDVR0jBBgwFoAUL++7xg0du+lq/qxn8wc7CHb2
S1kwMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9sbGNh
NTBmBggrBgEFBQcBAQRaMFgwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9n
ZXR0by9sbGNhNTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AubGwubWl0LmVkdS9vY3NwMD0G
CSsGAQQBgjcVBwQwMC4GJisGAQQBgjcVCIOD5R2H7Kdmhq2HFYPq8EWFtqEfHYXr0HCD6+0g
AgFkAgEJMCUGA1UdJQQeMBwGBFUdJQAGCCsGAQUFBwMEBgorBgEEAYI3CgMEMBkGA1UdEQQS
MBCBDnVyaUBsbC5taXQuZWR1MBgGA1UdIAQRMA8wDQYLKoZIhvcSAgEDAQgwJwYJKwYBBAGC
NxQCBBoeGABMAEwAVQBzAGUAcgBFAG4AYwAtAFMAVzANBgkqhkiG9w0BAQsFAAOCAQEACyN6
Yhi9LApOPpf60ypSV2WmV3sqnrsrdlPTW+am4wMK/M/5PZmt5jFVtXaErkWYdrbMdjeo2o/G
9N2DnrFOhz7kDYM9HC9AH/rWCfoSkI/C2N6Rq/uDnRJfao61wyv37qKtanNdkp+reyLxdVPn
foVrD/VZli4UV28u4XBuYDkjXPyyiH+bb395FnxOtTA3Uz41Ohpdvr6oLPEuy0IP4MPfK5wD
mS6GXcB+ze9sYEp+DJxE7WAbkW5Y536WPl/rfWm/k6ZC1KPVSRM7mS+atk44VOgzPLXkl6Tu
6zY8tMczfr5F0om1JfN8G50s4QDUGtsMgzW+LXVDhFD24xnUojGCAf4wggH6AgEBMGgwUTEL
MAkGA1UEBhMCVVMxHzAdBgNVBAoMFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsM
A1BLSTETMBEGA1UEAwwKTUlUTEwgQ0EtNQITWQAE/KGDHCQY5NLn7AAAAAT8oTANBglghkgB
ZQMEAgEFAKBpMC8GCSqGSIb3DQEJBDEiBCD3z/ZsN9OTAwxzKkNmhZWC3oFXwBhFcAopnuad
xFEnBjAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMTAyMTQw
MTUzMzJaMA0GCSqGSIb3DQEBAQUABIIBAF4ZEUlowy82Judeao9vc2XCjtwfRI7bsIm8KeEX
P/a+k9K3sfzybiHXfqgySJqpt9YSci6yc50aBxWPCP+YV+BedeMUE7Fu4/0F/Dpdkp6fI0E+
pHRm98KetXS1pXI8h92O/N3tDesgJPAhyggsC86BdhckvNPQX4ceggC1NtcL4sum33oCT5hZ
rneJoQ34zcJ207BBbot5yv9hSFcv4hVqv43JkYffEezudJWC6hnzyaknrfnOm2Vt2p0pshdv
xHsfhYMe0slImRmCx+gTnu1WdAFBW9jAXDAeBGqFIFrmzkakJ7vUh7jPJOPiDtp8aYdmXsmr
pgcm46l7VFSbPM0=

--B_3696094412_2008526837--